:tocdepth: 3 base/protocols/quic/spicy-events.zeek ===================================== Events generated by the QUIC analyzer. See See `RFC9000 `__. Summary ~~~~~~~ Events ###### =========================================================== ============================================ :zeek:id:`QUIC::connection_close_frame`: :zeek:type:`event` Generated for a QUIC CONNECTION_CLOSE frame. :zeek:id:`QUIC::handshake_packet`: :zeek:type:`event` Generated for a QUIC Handshake packet. :zeek:id:`QUIC::initial_packet`: :zeek:type:`event` Generated for a QUIC Initial packet. :zeek:id:`QUIC::retry_packet`: :zeek:type:`event` Generated for a QUIC Retry packet. :zeek:id:`QUIC::unhandled_version`: :zeek:type:`event` Generated for an unrecognized QUIC version. :zeek:id:`QUIC::zero_rtt_packet`: :zeek:type:`event` Generated for a QUIC 0-RTT packet. =========================================================== ============================================ Detailed Interface ~~~~~~~~~~~~~~~~~~ Events ###### .. zeek:id:: QUIC::connection_close_frame :source-code: base/protocols/quic/main.zeek 182 192 :Type: :zeek:type:`event` (c: :zeek:type:`connection`, is_orig: :zeek:type:`bool`, version: :zeek:type:`count`, dcid: :zeek:type:`string`, scid: :zeek:type:`string`, error_code: :zeek:type:`count`, reason_phrase: :zeek:type:`string`) Generated for a QUIC CONNECTION_CLOSE frame. :param c: The connection. :param is_orig: True if the packet is from the the connection's originator. :param version: The Version field. :param dcid: The Destination Connection ID field. :param scid: The Source Connection ID field. :param error_code: Count indicating the reason for closing this connection. :param reason_phrase: Additional diagnostic information for the closure. .. note:: Packets with CONNECTION_CLOSE frames are usually encrypted after connection establishment and not visible to Zeek. .. zeek:id:: QUIC::handshake_packet :source-code: base/protocols/quic/main.zeek 142 146 :Type: :zeek:type:`event` (c: :zeek:type:`connection`, is_orig: :zeek:type:`bool`, version: :zeek:type:`count`, dcid: :zeek:type:`string`, scid: :zeek:type:`string`) Generated for a QUIC Handshake packet. :param c: The connection. :param is_orig: True if the packet is from the the connection's originator. :param version: The Version field. :param dcid: The Destination Connection ID field. :param scid: The Source Connection ID field. .. zeek:id:: QUIC::initial_packet :source-code: base/protocols/quic/main.zeek 136 140 :Type: :zeek:type:`event` (c: :zeek:type:`connection`, is_orig: :zeek:type:`bool`, version: :zeek:type:`count`, dcid: :zeek:type:`string`, scid: :zeek:type:`string`) Generated for a QUIC Initial packet. :param c: The connection. :param is_orig: True if the packet is from the the connection's originator. :param version: The Version field. :param dcid: The Destination Connection ID field. :param scid: The Source Connection ID field. .. zeek:id:: QUIC::retry_packet :source-code: base/protocols/quic/main.zeek 155 165 :Type: :zeek:type:`event` (c: :zeek:type:`connection`, is_orig: :zeek:type:`bool`, version: :zeek:type:`count`, dcid: :zeek:type:`string`, scid: :zeek:type:`string`, retry_token: :zeek:type:`string`, retry_integrity_tag: :zeek:type:`string`) Generated for a QUIC Retry packet. :param c: The connection. :param is_orig: True if the packet is from the the connection's originator. :param version: The Version field. :param dcid: The Destination Connection ID field. :param scid: The Source Connection ID field. :param retry_token: The Retry Token field. :param integrity_tag: The Retry Integrity Tag field. .. zeek:id:: QUIC::unhandled_version :source-code: base/protocols/quic/main.zeek 168 178 :Type: :zeek:type:`event` (c: :zeek:type:`connection`, is_orig: :zeek:type:`bool`, version: :zeek:type:`count`, dcid: :zeek:type:`string`, scid: :zeek:type:`string`) Generated for an unrecognized QUIC version. :param c: The connection. :param is_orig: True if the packet is from the the connection's originator. :param version: The Version field. :param dcid: The Destination Connection ID field. :param scid: The Source Connection ID field. .. zeek:id:: QUIC::zero_rtt_packet :source-code: base/protocols/quic/main.zeek 148 152 :Type: :zeek:type:`event` (c: :zeek:type:`connection`, is_orig: :zeek:type:`bool`, version: :zeek:type:`count`, dcid: :zeek:type:`string`, scid: :zeek:type:`string`) Generated for a QUIC 0-RTT packet. :param c: The connection. :param is_orig: True if the packet is from the the connection's originator. :param version: The Version field. :param dcid: The Destination Connection ID field. :param scid: The Source Connection ID field.